CVE-2015-7450

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*

History

24 Jul 2024, 17:02

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Broken Link
References () http://www.securityfocus.com/bid/77653 - () http://www.securityfocus.com/bid/77653 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1035125 - () http://www.securitytracker.com/id/1035125 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41613/ - () https://www.exploit-db.com/exploits/41613/ - Exploit, Third Party Advisory, VDB Entry
CWE CWE-94 NVD-CWE-noinfo
First Time Ibm watson Explorer Analytical Components
Ibm sterling Integrator
Ibm watson Content Analytics
Ibm websphere Application Server
Ibm watson Explorer Annotation Administration Console
Ibm sterling B2b Integrator

Information

Published : 2016-01-02 21:59

Updated : 2024-07-24 17:02


NVD link : CVE-2015-7450

Mitre link : CVE-2015-7450

CVE.ORG link : CVE-2015-7450


JSON object : View

Products Affected

ibm

  • websphere_application_server
  • sterling_integrator
  • watson_explorer_annotation_administration_console
  • watson_explorer_analytical_components
  • watson_content_analytics
  • sterling_b2b_integrator
  • tivoli_common_reporting